Recent 03/05/2021

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to assess a homogeneous landscape or to find the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, each of which influences risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease exploit prices over time; under certain circumstances this happens very fast.

Created | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE
16:13 | 7.6 | 7.3 | internment Crate memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28037
16:13 | 6.5 | 6.2 | quinn Crate SocketAddrV6 memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2021-28036
16:12 | 7.6 | 7.3 | stack_dst Crate push_inner uninitialized pointer | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28035
16:12 | 7.6 | 7.3 | stack_dst Crate push_inner double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28034
16:11 | 7.6 | 7.3 | byte_struct Crate deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-28033
16:11 | 7.6 | 7.3 | nano_arena Crate split_at out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-28032
16:10 | 7.6 | 7.3 | scratchpad Crate move_elements double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28031
16:10 | 5.5 | 5.3 | truetype Crate take_bytes uninitialized pointer | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28030
16:06 | 5.5 | 5.3 | toodee Crate Row Insert uninitialized pointer | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28029
16:05 | 7.6 | 7.3 | toodee Crate Row Insert double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28028
16:04 | 7.6 | 7.3 | bam Crate bgzip Block Load out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28027
16:00 | 5.2 | 4.9 | SUSE Rancher cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-25313
16:00 | 4.8 | 4.6 | Movable Type Add Asset Screen cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-20665
15:59 | 4.8 | 4.6 | Movable Type Asset Registration Screen cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-20664
15:58 | 4.8 | 4.8 | Movable Type Role Authority Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-20663
15:57 | 7.6 | 7.3 | Zoho ManageEngine Application Control Plus Nginx Configuration Setting access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2020-29658
15:56 | 4.5 | 4.3 | activerecord-session_store timing discrepancy | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-25025
10:59 | 7.6 | 7.3 | MSI Dragon Center IOCTL Request MsIo64.sys buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-27965
10:58 | 8.0 | 7.7 | SonLogger POST Request SaveUploadedHotspotLogoFile unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2021-27964
10:57 | 7.7 | 7.4 | SonLogger POST Request saveUser improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-27963
10:56 | 7.7 | 7.4 | SonicWALL Directory Services Connector SSO Agent improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-5148
10:55 | 6.9 | 6.6 | IdentityModel Branca improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-36255
10:54 | 6.9 | 6.9 | Sangoma Asterisk SIP Request chan_sip.c improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-18351
10:52 | 7.0 | 7.0 | ytnef File ytnef.c SwapWord heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-3404
10:51 | 7.0 | 7.0 | ytnef ytnef.c TNEFSubjectHandler double free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-3403
10:50 | 8.5 | 8.5 | Doctor Appointment System admin.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-27314
10:49 | 3.9 | 3.9 | Yubico yubihsm-shell _send_secure_msg out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-27217
10:47 | 5.4 | 5.1 | NetApp Clustered Data ONTAP SMB Access denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-26989
10:43 | 3.5 | 3.4 | NetApp Clustered Data ONTAP information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-26988
10:36 | 7.6 | 7.6 | AfterLogic Aurora/WebMail Pro DAV DAVServer.php pathname traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-26293
10:36 | 5.8 | 5.8 | Joomla! Form Filter input validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-26029
10:35 | 5.5 | 5.5 | Joomla! ZIP Package path traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | CVE-2021-26028
10:35 | 5.4 | 5.4 | Joomla! Category exposure of resource | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-26027
10:34 | 3.3 | 3.1 | Samsung Internet Permission permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-25348
10:34 | 5.3 | 5.1 | Samsung Mobile Device Email App improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25347
10:33 | 8.0 | 7.7 | Samsung Mobile Device quram Library memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-25346
10:32 | 4.9 | 4.7 | Samsung Mobile Device hwcomposer denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25345
10:32 | 4.4 | 4.2 | Samsung Mobile Device knox_custom Service permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-25344
10:30 | 4.7 | 4.5 | Samsung Mobile Device memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25343
10:29 | 3.3 | 3.2 | Samsung SMP SDK Provider denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25342
10:28 | 3.7 | 3.5 | Samsung S Assistant denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25341
10:27 | 3.4 | 3.2 | Samsung Mobile Device Keyboard access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-25340
10:25 | 5.7 | 5.4 | Samsung Mobile Devices HArx memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25339
10:24 | 5.7 | 5.4 | Samsung Mobile Devices RKP access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-25338
10:23 | 5.9 | 5.7 | Samsung Mobile Devices Clipboard Service access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25337
10:19 | 4.1 | 3.9 | Samsung Mobile Devices NotificationManagerService privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-25336
10:18 | 2.4 | 2.3 | Samsung Mobile Devices Lockscreen access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25335
10:17 | 5.0 | 4.8 | Samsung Mobile Devices Application denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25334
10:16 | 2.2 | 2.1 | Samsung Pay Mini Application Lockscreen access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25333
10:15 | 2.4 | 2.3 | Samsung Pay Mini Application Lockscreen access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25332
